Information Security Compliance Engineer

This is a remote position.

• Conduct risk assessments and threat modeling implement and coordinate actionable reduction tactics to address issues and mitigate risks and oversee risk remediation efforts.
  
• Engage with engineers from infrastructure and development teams to provide technical guidance for security requirements architecture design and development practices.
  
• Provide engineering support for controls to comply with NIST SP800171 NIST SP80053 and ISO 27001/2 requirements.
  
• Write control descriptions based on current architecture and propose remediation actions at the technical operational level.
  
• Create and update the organization s information security policies standards procedures and guidelines.
  
• Evaluate emerging trends and technology and work with technical teams to understand and prepare for a potential impact to the organization s information security posture.
  

Requirements

• 7 years of demonstrated IT Security engineering work experience providing guidance to project teams.
  
• 5 years of demonstrated TCP/IP network engineering and administration experience.
  
• 5 years of demonstrated Windows / Linux system engineering and administration experience.
  
• Demonstrated experience working with secureSDLC practices in a commercial environment utilizing agile and DevOps models.
  
• Demonstrated experience in implementing and maintaining security controls in onpremise and cloud environments.
  
• Demonstrated experience performing risk assessments and threat modeling.
  
• Demonstrated experience in writing System Security Plans and POAMs.
  
• Significant experience in working with ISO 27001/2 NIST 800171 and NIST 80053.
  
• Demonstrated ability to understand and respond to complex business requirements.
  
• Demonstrated ability in strong verbal and written communication skills to interface with technical and business stakeholders.
  
• Significant experience working in Jira and Confluence.
  
• Be able to pass background investigation to attain and maintain Trusted Role access to company systems.
  
• Experience / familiarity with these networking technologies:
  
• Key network services including HTTP/SMTP/DNS and supporting technologies including web domain and mail servers
  
• Encryption (IPSec/SSL/TLS)
  
• Network Security (e.g. Firewalls Network Access Controls Proxies SPAM/Phishing Prevention etc)
  

Preferred Qualifications:

• CISSP and other technical certifications are a plus.
  
• Experience with Governance Risk and Compliance tools.
  
• Cloud computing and architecture.
  
• Windows Domains and Active Directory.
  
• Endpoint Protections (HIPS/HIDS).
  
• Web Application Programming (Java and related technologies).
  
• Knowledge and demonstrated experience designing multitier highly available multithreaded scalable architectures.
  
• Secure development frameworks (e.g. OWASP SAMM Microsoft Security Development Lifecycle IBM Secure Engineering Framework etc.)
  
• Public Key Infrastructure (PKI)
  
• Identity Federation Technologies (SAML etc.)
  
• Business Continuity and Disaster Recovery planning.
  
• SharePoint
  
• Data Loss Prevention (DLP)
  
• Data Labeling and Information Rights Management.
  
• S/MIMEbased Secure Email.
  
• Windows Domains and Active Directory.
  
• Identity Access Management (IAM).
  

Education:

• Bachelor s or master s degree from an accredited university in IT related discipline
  

Benefits